On Fri, 7 May 2004, David Fokkema wrote:
> On Thu, May 06, 2004 at 09:40:25AM +0200, Yasar Arman wrote:
> >
> >
> > On Wed, 5 May 2004, David Fokkema wrote:
> >
> > >
> > > Basically, this means that every Linux-based firewall, whether it be
> > > graphical point-and-click interfaces, or script generating firewalls or
> > > whatever, they all use iptables to install their rules into the kernel.
> > >
> >
> > That's not true. There are some closed-source Firewalls out there (e.g.
> > Checkpoint FW-1) which have their own filters.
>
> I had no idea. Then these must be hacking into the kernel, right?
>
Not necessarily. The kernel has some hooks to get the network data before
they are delivered to the higher protocol levels. AFAIR you can use
iptables/netfilter along with Checkpoint FW-1, but this could end up in
unpredictable results.

regards,
yasar

